package com.example.ems.servlet;

import com.example.ems.bean.User;
import com.example.ems.dao.UserDAO;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;

@WebServlet("/AuthServlet")
public class AuthServlet extends HttpServlet {
    private UserDAO userDAO;

    public void init() { userDAO = new UserDAO(); }

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter("action");
        if ("login".equals(action)) {
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            User user = userDAO.getUserByUsername(username);
            if (user != null && user.getPassword().equals(password)) {
                request.getSession().setAttribute("userRole", user.getRole());
                request.getSession().setAttribute("loggedInUser", user.getUsername());
                request.getSession().setAttribute("userRole", user.getRole());

                response.sendRedirect(request.getContextPath() + "/index.jsp");
            } else {
                request.setAttribute("error", "用户名或密码错误");
                request.getRequestDispatcher("/login.jsp").forward(request, response);
            }
        } else if ("register".equals(action)) {
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (username == null || password == null || username.isEmpty() || password.isEmpty()) {
                request.setAttribute("error", "用户名和密码不能为空");
                request.getRequestDispatcher("/register.jsp").forward(request, response);
                return;
            }
            if (userDAO.getUserByUsername(username) != null) {
                request.setAttribute("error", "用户名已存在");
                request.getRequestDispatcher("/register.jsp").forward(request, response);
            } else {
                User user = new User();
                user.setUsername(username);
                user.setPassword(password); // 实际应加密
                user.setRole("user");
                userDAO.addUser(user);
                request.setAttribute("msg", "注册成功，请登录！");
                request.getRequestDispatcher("/login.jsp").forward(request, response);
            }
        }
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String action = request.getParameter("action");
        if ("logout".equals(action)) {
            HttpSession session = request.getSession(false);
            if (session != null) session.invalidate();
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        } else {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        }
    }
}
